-----Original Message----- From: List [mailto:[email protected]] On Behalf Of Steve Yates Sent: June-18-15 4:25 PM To: pfSense Support and Discussion Mailing List Subject: Re: [pfSense] Gateway failures, how to access everything behind it still so that I can debug?
Chuck Mariotti wrote on Thu, Jun 18 2015 at 3:15 pm: > Are you asking how to connect into your rack from outside the data > center? pfSense does have a CARP feature where a second firewall can be set > up for failover. It needs a few things like three WAN IPs for the routers > (1, 2, and shared), and three LAN IPs >(same), and they recommend a separate > interface on each for syncing. > > If you're asking how to get to the servers, we plug a patch cable into > the switch in our rack... Oddly, I am asking so that I can avoid this exact configuration... CARP seems complicated... I am certain I can set it up, but it would require a lot of training for the other techs to be able to manage in a failure situation. Also, I am trying to avoid this because the intention is that they would also being running as VM's... adding another layer of complication... Combine that with VLANS and it isn't something I want to put in the hands of a simple tech at 4am... My thoughts were to setup a simple VM of pfSense... give it physical port access, etc... set it up like a regular firewall. Then, have it cloned nightly to another VM on another box... but not have it running... only in waiting to be powered up. This other box would be physically hooked up to the same simple ports on the switch as the primary firewall. If the firewall fails... then it should be a matter of making sure the problem firewall is powered down and powering up the clone. The problem I had was, how do I get into the network behind the firewall so that I can power down the bad and power up the good clone? Or is there a better/easier solution? Chuck _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
